[2689] in Kerberos

Re: The Clipper Chip:.... what about RSA?

daemon@ATHENA.MIT.EDU (Robert G. Moskowitz)
Wed Apr 21 14:06:13 1993

Date: Wed, 21 Apr 93 17:18 GMT
From: "Robert G. Moskowitz" <0003858921@mcimail.com>
To: smb <smb@research.att.com>
Cc: kerberos <kerberos@Athena.MIT.EDU>

>I think that the Garon and Outerbridge paper (July '91 Cryptologia)
>establishes the parameters fairly well.  In essence, a well-funded
>criminal organization can achieve a profitable return on their investment
>in a DES-cracker *if* they can recover a master key used to transmit
>session keys for an EFT system (and, of course, if there are no other
>safeguards).

That is the situation for DES.  Sounds like if I keep my session times short
enough with Kerberos, I should be OK.  But how short?  10 Hours?

But what about RSA?  More specifically the implementations that NOVELL and
Microsoft supposedly use in their Network Operating Systems, NETWARE and LAN
MANAGER.  I am trying to remember (probably should just break out the sniffer)
if the userid is encrypted along with the password.  If so, you've got clear
text for an attach, as I can always find out a user's ID.  Does anyone here know
about the openness to attack of these two or where I can go to?

Bob Moskowitz
Chrysler Corp
